| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite aufWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.05.2014, 13:50
| #16 |
| /// TB-Ausbilder   |  doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Servus, Achtung! Der OTL-Fix ist sehr umfangreich! Vergewissere dich, dass du alles aus der Code-Box auch bei dir einfügst, bevor du auf "Fix" drückst! Schritt 1
Code:
ATTFilter :files
C:\Windows\system32\UpdSvc.dll
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Joosoft.com]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-
"Update-Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache]
"DisplayName"="@%SystemRoot%\\System32\\dnsapi.dll,-101"
"Group"="TDI"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00
"Description"="@%SystemRoot%\\System32\\dnsapi.dll,-102"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):54,00,64,00,78,00,00,00,6e,00,73,00,69,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,\
00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,\
00
"ServiceDllUnloadOnStop"=dword:00000001
"extension"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,\
00,6e,00,73,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache]
"ShutdownOnIdle"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security]
"Security"=hex:01,00,14,80,f8,00,00,00,04,01,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,c8,00,08,00,00,00,00,02,18,00,9d,01,02,00,01,02,00,00,00,00,00,\
05,20,00,00,00,21,02,00,00,00,02,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
20,00,00,00,20,02,00,00,00,02,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,\
00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,02,\
14,00,8d,00,02,00,01,01,00,00,00,00,00,05,14,00,00,00,00,02,14,00,8d,00,02,\
00,01,01,00,00,00,00,00,05,13,00,00,00,00,02,18,00,cd,00,02,00,01,02,00,00,\
00,00,00,05,20,00,00,00,2c,02,00,00,00,02,28,00,cd,01,02,00,01,06,00,00,00,\
00,00,05,50,00,00,00,04,c9,44,af,94,d9,d3,e5,2b,e1,b7,1c,17,84,87,13,6e,1a,\
fa,65,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0]
"Type"=dword:00000004
"Action"=dword:00000001
"GUID"=hex:07,9e,56,b7,21,84,e0,4e,ad,10,86,91,5a,fd,ad,09
"Data0"=hex:35,00,33,00,35,00,35,00,00,00,55,00,44,00,50,00,00,00,00,00
"DataType0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation]
"DisplayName"="@%systemroot%\\system32\\wkssvc.dll,-100"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,\
00,69,00,63,00,65,00,00,00
"Description"="@%systemroot%\\system32\\wkssvc.dll,-101"
"ObjectName"="NT AUTHORITY\\NetworkService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00,\
78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,\
00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00
"ServiceSidType"=dword:00000001
"RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,\
00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage]
"Bind"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,\
00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,\
38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,\
00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,\
44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,\
00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,\
70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,\
00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,\
30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,\
00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,\
00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,\
2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,\
00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,\
5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,\
00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,\
43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,\
00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,\
42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,\
00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,\
30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,\
00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,\
45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,\
5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,\
00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,\
2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,\
00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,\
70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,\
00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,\
38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,\
00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,\
65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,\
00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,\
65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,\
00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,\
33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,\
00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,\
00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,\
00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,\
30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,\
00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,\
31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,\
00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,\
54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,\
00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,\
33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,\
00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,\
69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,\
00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
36,00,37,00,34,00,46,00,7d,00,00,00,00,00
"Route"=hex(7):22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,\
00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,\
00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,\
46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,\
00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,\
41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,\
00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,\
36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,\
00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,\
33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,\
00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,\
22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,\
00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,\
34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,\
00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,\
22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,\
00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,\
54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,\
00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,\
42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,\
00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,\
54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,\
00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,\
35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,\
00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,\
54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,\
00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,\
43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,\
00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,\
4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,22,00,00,00,22,\
00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,\
70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,\
00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,\
42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,\
00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,\
22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,\
00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,\
32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,\
00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,\
22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,\
00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,\
41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,\
00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,\
36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,4e,00,65,\
00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,\
22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,\
00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,\
41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,\
00,34,00,46,00,7d,00,22,00,00,00,00,00
"Export"=hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,\
00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,\
6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,\
00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,\
45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,\
00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,\
7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,\
00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,\
6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,\
00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,\
33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,\
00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,\
33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,\
00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,\
69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,\
00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,\
45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,\
00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,\
39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,\
74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,\
00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,\
2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,\
00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,\
37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,\
00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,\
61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,\
00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,\
33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,\
00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,\
00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,\
00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,\
6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,\
00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,\
42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,\
00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,\
65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,\
00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,\
63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,\
00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,\
2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,\
00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,\
63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,\
00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,\
70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,\
00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,\
41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,\
00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,\
4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,\
00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,\
53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,\
00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,\
74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,\
00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,\
32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,\
00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,\
36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,\
00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,\
74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,\
00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,\
35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,\
00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,\
41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,\
00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,\
72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,\
00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,\
35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,\
00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,\
37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,\
00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,\
6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,\
00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,\
5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,\
00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,\
2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,\
00,7d,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider]
"DeviceName"="\\Device\\LanmanRedirector"
"Name"="Microsoft Windows Network"
"DisplayName"=hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,\
00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,\
5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,\
00,31,00,30,00,32,00,00,00
"ProviderPath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,00,6c,00,6c,00,00,\
00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001
"EnablePlainTextPassword"=dword:00000000
"EnableSecuritySignature"=dword:00000001
"RequireSecuritySignature"=dword:00000000
"OtherDomains"=hex(7):00,00
:Commands
[reboot]
Schritt 2 Starte FRST, setze einen Haken bei "Addition.txt" und drücke auf Scan. Poste die beiden Logdateien. Schritt 3 Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier. Bitte poste mit deiner nächsten Antwort
|
|
05.05.2014, 19:35
| #17 |
 | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite aufCode:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-05-2014
Ran by Linda at 2014-05-04 13:55:29 Run:1
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
AppInit_DLLs: C:\PROGRA~2\GS_X64~1.ENA => C:\Program Files (x86)\GS_x64.Enabler [2759168 2014-01-11] ()
C:\Program Files (x86)\GS_x64.Enabler
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Winsock: Catalog5 09 C:\Windows\system32\tnns4djid.dll File Not found ()
FF Extension: BlooockTheAds - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\a-iuy7xg@ezzzxdzgh-.co.uk [2014-01-31]
FF Extension: SNT - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\an3b5@adragif.co.uk [2014-01-11]
FF Extension: Foun2Sauve - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\ljokyyoa@hroaaui.co.uk [2014-03-06]
CHR Extension: (SNT) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejjikkjonecgljgdifhmigmljfmhbid [2014-01-11]
CHR Extension: (YTBookMark) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhnkhjjenfhbamcakimhfjaoachpjhll [2014-01-11]
CHR Extension: (No Name) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnmadbdmfoolhnaaopgeompmkdcehilc [2014-01-11]
CHR Extension: (Flash Save) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp [2014-01-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 Update-Service; %SystemRoot%\System32\UpdSvc.dll [X]
C:\ProgramData\Greeattsaver
end
*****************
"C:\PROGRA~2\GS_X64~1.ENA" => Value Data removed successfully.
C:\Program Files (x86)\GS_x64.Enabler => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
Winsock: Catalog entry 000000000009 => Deleted successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\a-iuy7xg@ezzzxdzgh-.co.uk => Moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\an3b5@adragif.co.uk => Moved successfully.
C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\ljokyyoa@hroaaui.co.uk => Moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejjikkjonecgljgdifhmigmljfmhbid => Moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhnkhjjenfhbamcakimhfjaoachpjhll => Moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnmadbdmfoolhnaaopgeompmkdcehilc => Moved successfully.
C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\igiofjhpmpihnifddepnpngfjhkfenbp => Moved successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
Update-Service => Service stopped successfully.
Update-Service => Service deleted successfully.
C:\ProgramData\Greeattsaver => Moved successfully.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter Farbar Service Scanner Version: 03-05-2014
Ran by Linda (administrator) on 05-05-2014 at 20:32:18
Running from "C:\Users\Linda\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2014 01
Ran by Linda at 2014-05-05 20:31:20
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7319 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7319 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.35.1 - Acer) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.06.3009 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.9.0715 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Albelli Fotobücher (HKCU\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{10647DB1-F3AE-3440-5BDA-06EFE4A44108}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BlooockTheAds (HKLM-x32\...\{558295F0-DEC2-66EC-3830-04777EF7DA33}) (Version: - BllockTheeAds)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.01 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Foun2Sauve (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - Fuun22Save)
Free DVD Video Burner version 3.1.3.1123 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.06.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kies (HKLM-x32\...\InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}) (Version: 1.4 - Ihr Firmenname)
Kies (x32 Version: 1.4 - Ihr Firmenname) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6004 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.4.0 - Synaptics Incorporated)
TOEFL Sample Questions (HKLM-x32\...\{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}) (Version: 4.00.0000 - ETS)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
15-04-2014 09:01:24 Windows Update
22-04-2014 08:49:01 Windows Update
24-04-2014 07:59:11 Windows Update
29-04-2014 07:54:19 Windows Update
02-05-2014 14:33:56 Windows Update
03-05-2014 09:23:50 Windows Update
04-05-2014 12:05:57 OTL Restore Point - 04.05.2014 14:05:51
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2B3B421C-B112-4B1E-906B-9FCB68FFFBFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12] (Google Inc.)
Task: {48D43300-AC0D-4F0F-AE30-E38922F81CAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {6FD15B3E-0665-4A12-BB31-DF280020EE5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12] (Google Inc.)
Task: {8D1C98AD-9A73-43CB-BE7B-4D0213F438F4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-05-26 12:24 - 2008-05-26 12:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-12-07 23:17 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2013-10-15 00:10 - 2014-04-10 14:46 - 00602680 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2010-03-26 11:41 - 2010-03-26 11:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 13:40 - 2010-05-27 13:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-11-15 12:23 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-02-19 00:57 - 2014-04-10 14:46 - 36966968 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-05 20:26 - 2014-05-05 20:26 - 00041984 _____ () c:\users\linda\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqsyyef.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Linda\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-01 15:51 - 2014-04-01 15:51 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-10-15 00:10 - 2014-04-10 14:46 - 00886840 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-15 00:10 - 2014-04-10 14:46 - 00108600 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Linda\Downloads\Best%E4tigung 88008_ Zumba _ _14_10_2013-08_02_2014.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/05/2014 07:58:15 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/05/2014 07:58:15 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 94770
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 94770
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93756
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 93756
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2014 07:58:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 92742
Error: (05/05/2014 07:58:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 92742
System errors:
=============
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Microsoft Office Sessions:
=========================
Error: (05/05/2014 07:58:15 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/05/2014 07:58:15 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 94770
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 94770
Error: (05/05/2014 07:58:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93756
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 93756
Error: (05/05/2014 07:58:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (05/05/2014 07:58:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 92742
Error: (05/05/2014 07:58:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 92742
CodeIntegrity Errors:
===================================
Date: 2014-05-05 20:30:39.022
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 16:24:14.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 14:02:30.047
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 13:10:48.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 11:58:57.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 11:26:39.435
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 10:51:08.115
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 10:43:51.935
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-02 16:36:04.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-04-30 19:09:13.073
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 30%
Total physical RAM: 8054.78 MB
Available physical RAM: 5610.71 MB
Total Pagefile: 16107.73 MB
Available Pagefile: 13396.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.16 GB) (Free:313.72 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 30E48FFC)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=447 GB) - (Type=OF Extended)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 01
Ran by Linda (administrator) on LINDA-PC on 05-05-2014 20:29:51
Running from C:\Users\Linda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Linda\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-10-07] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3567616 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2010-01-18] (Acer Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Spotify] => C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Spotify Web Helper] => C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-06-07] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc1.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: Adblock Plus - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjjofjmfeojnoalmajliahdpdnecnic [2014-01-11]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2010-05-25] (Devguru Co., Ltd.)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-25] (Devguru Co., Ltd.)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [783392 2010-02-26] (Acer Incorporated)
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-25] (Devguru Co., Ltd)
S0 johci; C:\Windows\System32\DRIVERS\johci.sys [20392 2009-09-21] (JMicron )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2010-01-18] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-05 20:30 - 2014-05-05 20:30 - 00408576 _____ (Farbar) C:\Users\Linda\Downloads\FSS.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 02063872 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 00000000 ____D () C:\Users\Linda\Desktop\FRST-OlderVersion
2014-05-05 20:24 - 2014-05-05 20:24 - 00000000 ____D () C:\_OTL
2014-05-05 19:57 - 2014-05-05 19:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\{2B2A15CB-EE30-494B-A10A-AE89A4805265}
2014-05-04 23:25 - 2014-05-04 23:25 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E240B393-6E98-4085-8EFE-B50B4AAA3636}
2014-05-04 14:31 - 2014-05-04 14:25 - 00042816 _____ () C:\Users\Linda\Documents\OTL.7z
2014-05-04 14:29 - 2014-05-04 14:29 - 00584176 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-05-04 14:24 - 2014-05-04 14:24 - 00584176 _____ () C:\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00584176 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00061638 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-05-04 13:59 - 2014-05-04 13:59 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Downloads\OTL.exe
2014-05-04 13:42 - 2014-05-04 13:42 - 00028229 _____ () C:\JRT.7z
2014-05-04 13:41 - 2014-05-04 13:41 - 00151423 _____ () C:\JRT.txt
2014-05-04 13:38 - 2014-05-04 13:38 - 01110476 _____ () C:\Users\Linda\Downloads\7z920.exe
2014-05-04 13:19 - 2014-05-04 13:19 - 00151423 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-05-04 13:12 - 2014-05-04 13:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 13:11 - 2014-05-04 13:11 - 01016261 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-05-04 13:07 - 2014-05-04 13:07 - 00002994 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-05-04 12:01 - 2014-05-04 13:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 12:01 - 2014-05-04 12:01 - 00001146 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 12:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 12:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-04 12:00 - 2014-05-04 12:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 11:55 - 2014-05-04 11:55 - 00009122 _____ () C:\Users\Linda\Desktop\AdwCleaner[S0].txt
2014-05-04 11:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-04 11:50 - 2014-05-04 11:51 - 00000000 ____D () C:\AdwCleaner
2014-05-04 11:49 - 2014-05-04 11:49 - 01310621 _____ () C:\Users\Linda\Desktop\adwcleaner.exe
2014-05-03 17:39 - 2014-05-04 13:24 - 00025589 _____ () C:\Users\Linda\Desktop\Addition.txt
2014-05-03 17:38 - 2014-05-05 20:30 - 00017159 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-05-03 17:37 - 2014-05-05 20:29 - 00000000 ____D () C:\FRST
2014-05-03 17:37 - 2014-05-03 17:37 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(8).exe
2014-05-03 17:36 - 2014-05-03 17:36 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(7).exe
2014-05-03 17:34 - 2014-05-03 17:35 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(6).exe
2014-05-03 17:33 - 2014-05-03 17:33 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(5).exe
2014-05-03 17:32 - 2014-05-03 17:32 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(4).exe
2014-05-03 17:31 - 2014-05-03 17:31 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(3).exe
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(2).exe
2014-05-03 17:29 - 2014-05-03 17:29 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-05-03 11:24 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 11:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 11:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 11:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 19:05 - 2014-04-30 19:05 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 10:00 - 2014-04-24 10:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 14:32 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 14:32 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-18 23:57 - 2014-04-18 23:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(4).exe
2014-04-18 23:52 - 2014-04-18 23:52 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(3).exe
2014-04-18 23:51 - 2014-04-18 23:51 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(2).exe
2014-04-18 23:50 - 2014-04-18 23:50 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(1).exe
2014-04-18 23:49 - 2014-04-18 23:49 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall.exe
2014-04-18 23:48 - 2014-04-18 23:48 - 00009626 _____ () C:\Users\Linda\Downloads\join.jnlp
2014-04-10 10:17 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:17 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 10:16 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:16 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:16 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:16 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:16 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:16 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:16 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:16 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:16 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:16 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:16 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:16 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:16 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:16 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 10:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 10:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 10:16 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:16 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 10:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 10:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 10:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 10:16 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 10:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 10:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 10:16 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 10:16 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 10:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 10:16 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 10:16 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 10:16 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 10:16 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:16 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:16 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 10:16 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 10:16 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 00:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 00:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 00:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 00:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 00:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 00:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 00:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 00:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 00:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 00:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 00:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 00:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 00:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
==================== One Month Modified Files and Folders =======
2014-05-05 20:31 - 2011-09-14 22:01 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype
2014-05-05 20:30 - 2014-05-05 20:30 - 00408576 _____ (Farbar) C:\Users\Linda\Downloads\FSS.exe
2014-05-05 20:30 - 2014-05-03 17:38 - 00017159 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-05-05 20:30 - 2013-02-19 00:57 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Spotify
2014-05-05 20:29 - 2014-05-05 20:29 - 02063872 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 00000000 ____D () C:\Users\Linda\Desktop\FRST-OlderVersion
2014-05-05 20:29 - 2014-05-03 17:37 - 00000000 ____D () C:\FRST
2014-05-05 20:27 - 2012-01-12 00:29 - 00000000 ___RD () C:\Users\Linda\Dropbox
2014-05-05 20:27 - 2012-01-12 00:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox
2014-05-05 20:25 - 2011-11-12 18:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-05 20:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 20:25 - 2009-07-14 06:51 - 00109053 _____ () C:\Windows\setupact.log
2014-05-05 20:24 - 2014-05-05 20:24 - 00000000 ____D () C:\_OTL
2014-05-05 20:24 - 2010-12-07 23:07 - 01160476 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 20:19 - 2013-03-01 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-05 20:07 - 2011-11-12 18:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 20:00 - 2010-12-08 07:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-05 20:00 - 2010-12-08 07:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-05 20:00 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-05 19:57 - 2014-05-05 19:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\{2B2A15CB-EE30-494B-A10A-AE89A4805265}
2014-05-05 19:56 - 2013-02-19 00:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\Spotify
2014-05-04 23:25 - 2014-05-04 23:25 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E240B393-6E98-4085-8EFE-B50B4AAA3636}
2014-05-04 21:20 - 2011-10-24 18:12 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C9EBBDB-9CAA-4481-A9F6-FDD4DC54F3A6}
2014-05-04 16:27 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-04 16:27 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-04 16:15 - 2011-10-19 20:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-04 14:32 - 2011-09-09 14:08 - 00000000 ____D () C:\Users\Linda\AppData\Local\VirtualStore
2014-05-04 14:29 - 2014-05-04 14:29 - 00584176 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-05-04 14:25 - 2014-05-04 14:31 - 00042816 _____ () C:\Users\Linda\Documents\OTL.7z
2014-05-04 14:24 - 2014-05-04 14:24 - 00584176 _____ () C:\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00584176 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00061638 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-05-04 14:02 - 2011-11-12 18:25 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-04 14:02 - 2011-11-12 18:25 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-04 13:59 - 2014-05-04 13:59 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Downloads\OTL.exe
2014-05-04 13:57 - 2014-01-31 00:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-04 13:55 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-04 13:42 - 2014-05-04 13:42 - 00028229 _____ () C:\JRT.7z
2014-05-04 13:41 - 2014-05-04 13:41 - 00151423 _____ () C:\JRT.txt
2014-05-04 13:38 - 2014-05-04 13:38 - 01110476 _____ () C:\Users\Linda\Downloads\7z920.exe
2014-05-04 13:24 - 2014-05-03 17:39 - 00025589 _____ () C:\Users\Linda\Desktop\Addition.txt
2014-05-04 13:19 - 2014-05-04 13:19 - 00151423 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-05-04 13:12 - 2014-05-04 13:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 13:11 - 2014-05-04 13:11 - 01016261 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-05-04 13:07 - 2014-05-04 13:07 - 00002994 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-05-04 13:06 - 2014-05-04 12:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 13:04 - 2010-12-07 23:04 - 00278430 _____ () C:\Windows\PFRO.log
2014-05-04 13:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-05-04 12:01 - 2014-05-04 12:01 - 00001146 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-04 12:00 - 2014-05-04 12:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 11:55 - 2014-05-04 11:55 - 00009122 _____ () C:\Users\Linda\Desktop\AdwCleaner[S0].txt
2014-05-04 11:51 - 2014-05-04 11:50 - 00000000 ____D () C:\AdwCleaner
2014-05-04 11:49 - 2014-05-04 11:49 - 01310621 _____ () C:\Users\Linda\Desktop\adwcleaner.exe
2014-05-03 17:37 - 2014-05-03 17:37 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(8).exe
2014-05-03 17:36 - 2014-05-03 17:36 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(7).exe
2014-05-03 17:35 - 2014-05-03 17:34 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(6).exe
2014-05-03 17:33 - 2014-05-03 17:33 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(5).exe
2014-05-03 17:32 - 2014-05-03 17:32 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(4).exe
2014-05-03 17:31 - 2014-05-03 17:31 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(3).exe
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(2).exe
2014-05-03 17:29 - 2014-05-03 17:29 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-05-03 14:28 - 2012-04-26 12:55 - 00000000 ____D () C:\Users\Linda\Documents\Promotionjobs
2014-04-30 19:06 - 2012-02-05 01:01 - 00001776 _____ () C:\Windows\wininit.ini
2014-04-30 19:06 - 2011-09-09 14:08 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-30 19:05 - 2014-04-30 19:05 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-30 19:05 - 2012-01-12 00:29 - 00001021 _____ () C:\Users\Linda\Desktop\Dropbox.lnk
2014-04-30 19:05 - 2012-01-12 00:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-30 19:05 - 2011-09-14 22:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-29 18:19 - 2013-03-01 13:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 18:19 - 2012-09-07 13:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 18:19 - 2011-11-12 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 16:01 - 2014-05-03 11:24 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 11:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 10:00 - 2014-04-24 10:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-18 23:57 - 2014-04-18 23:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(4).exe
2014-04-18 23:52 - 2014-04-18 23:52 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(3).exe
2014-04-18 23:51 - 2014-04-18 23:51 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(2).exe
2014-04-18 23:50 - 2014-04-18 23:50 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(1).exe
2014-04-18 23:49 - 2014-04-18 23:49 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall.exe
2014-04-18 23:48 - 2014-04-18 23:48 - 00009626 _____ () C:\Users\Linda\Downloads\join.jnlp
2014-04-18 10:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-14 04:24 - 2014-04-23 14:32 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-23 14:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 12:51 - 2012-10-11 12:48 - 00000000 ____D () C:\Users\Linda\Documents\UniStuff
2014-04-10 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
Files to move or delete:
====================
C:\Users\Linda\Office2003SP3-KB923618-FullFile-DEU.exe
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\2E910DC6-9049-4DBD-BD84-0D779634137D.exe
C:\Users\Linda\AppData\Local\Temp\74565FA9-21B2-4C87-99FA-1CE6E6C81A7A.exe
C:\Users\Linda\AppData\Local\Temp\AskSLib.dll
C:\Users\Linda\AppData\Local\Temp\avgnt.exe
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqsyyef.dll
C:\Users\Linda\AppData\Local\Temp\FastDownload.exe
C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih.exe
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Linda\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Linda\AppData\Local\Temp\Tsu27022B9B.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 09:52
==================== End Of Log ============================
--- --- --- |
|
06.05.2014, 13:20
| #18 |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Poste mir bitte die Logdatei des OTL-Fix.
__________________ |
|
06.05.2014, 18:36
| #19 |
| | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf oh man bei den ganzen dateien hab ich wohl was durcheinander gebracht  sorry. ich hoff das hier is das richtigeCode:
ATTFilter ========== FILES ==========
C:\Windows\system32\UpdSvc.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Joosoft.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Joosoft.com\ not found.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service-Installer-Service deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\\Update-Service deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"DisplayName"|"@%SystemRoot%\\System32\\dnsapi.dll,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Group"|"TDI" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Description"|"@%SystemRoot%\\System32\\dnsapi.dll,-102" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ObjectName"|"NT AUTHORITY\\NetworkService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"DependOnService"|hex(7):54,00,64,00,78,00,00,00,6e,00,73,00,69,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,72,00,73,00,6c,00,76,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\\"extension"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,6e,00,73,00,65,00,78,00,74,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Parameters\DnsCache\\"ShutdownOnIdle"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\Security\\"Security"|hex:01,00,14,80,f8,00,00,00,04,01,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,c8,00,08,00,00,00,00,02,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,00,02,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,02,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,02,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,14,00,00,00,00,02,14,00,8d,00,02,00,01,01,00,00,00,00,00,05,13,00,00,00,00,02,18,00,cd,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,2c,02,00,00,00,02,28,00,cd,01,02,00,01,06,00,00,00,00,00,05,50,00,00,00,04,c9,44,af,94,d9,d3,e5,2b,e1,b7,1c,17,84,87,13,6e,1a,fa,65,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0\\"Type"|dword:00000004 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0\\"Action"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0\\"GUID"|hex:07,9e,56,b7,21,84,e0,4e,ad,10,86,91,5a,fd,ad,09 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0\\"Data0"|hex:35,00,33,00,35,00,35,00,00,00,55,00,44,00,50,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache\TriggerInfo\0\\"DataType0"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DisplayName"|"@%systemroot%\\system32\\wkssvc.dll,-100" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Group"|"NetworkProvider" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Description"|"@%systemroot%\\system32\\wkssvc.dll,-101" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ObjectName"|"NT AUTHORITY\\NetworkService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"DependOnService"|hex(7):42,00,6f,00,77,00,73,00,65,00,72,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,00,31,00,30,00,00,00,4d,00,52,00,78,00,53,00,6d,00,62,00,32,00,30,00,00,00,4e,00,53,00,49,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Bind"|hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Route"|hex(7):22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,53,00,6d,00,62,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,22,00,00,00,22,00,4e,00,65,00,74,00,42,00,54,00,22,00,20,00,22,00,54,00,63,00,70,00,69,00,70,00,36,00,22,00,20,00,22,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,22,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage\\"Export"|hex(7):5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,53,00,6d,00,62,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,62,00,69,00,6f,00,73,00,53,00,6d,00,62,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,37,00,46,00,30,00,37,00,35,00,37,00,39,00,35,00,2d,00,30,00,33,00,37,00,32,00,2d,00,34,00,42,00,41,00,41,00,2d,00,42,00,36,00,30,00,43,00,2d,00,34,00,36,00,41,00,31,00,37,00,41,00,34,00,31,00,41,00,39,00,44,00,33,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,31,00,35,00,39,00,45,00,41,00,44,00,33,00,38,00,2d,00,45,00,44,00,36,00,31,00,2d,00,34,00,35,00,30,00,33,00,2d,00,38,00,33,00,44,00,34,00,2d,00,34,00,43,00,37,00,35,00,42,00,36,00,37,00,42,00,41,00,32,00,39,00,43,00,7d,00,00,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,5f,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,36,00,5f,00,7b,00,38,00,32,00,30,00,39,00,38,00,43,00,45,00,32,00,2d,00,39,00,35,00,45,00,33,00,2d,00,34,00,43,00,37,00,36,00,2d,00,41,00,42,00,41,00,37,00,2d,00,33,00,44,00,44,00,45,00,44,00,44,00,42,00,42,00,36,00,37,00,34,00,46,00,7d,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DeviceName"|"\\Device\\LanmanRedirector" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"Name"|"Microsoft Windows Network" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"DisplayName"|hex(2):40,00,25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,30,00,32,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\NetworkProvider\\"ProviderPath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,74,00,6c,00,61,00,6e,00,6d,00,61,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,6b,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnablePlainTextPassword"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"EnableSecuritySignature"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"RequireSecuritySignature"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters\\"OtherDomains"|hex(7):00,00 /E : value set successfully!
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 05052014_202423
|
|
07.05.2014, 16:55
| #20 |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Servus, ok, gut gemacht.  und jetzt bitte nochmal FRST: Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan. FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt). Poste mir beide Logdateien mit deiner nächsten Antwort. |
|
08.05.2014, 08:29
| #21 |
| | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf ok hier die zwei datein: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-05-2014 01
Ran by Linda at 2014-05-08 09:27:40
Running from C:\Users\Linda\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7319 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7319 - CyberLink Corp.) Hidden
Acer Arcade Instant On (x32 Version: 3.0.35.1 - Acer) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Bio Protection (HKLM-x32\...\InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}) (Version: 6.2.56 - Egis Technology Inc.)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer PowerSmart Manager (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.06.3009 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.9.0715 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Airport Mania First Flight (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}) (Version: - Oberon Media)
Albelli Fotobücher (HKCU\...\{EE20E438-B675-4421-AB07-928F0EC9FB22}_is1) (Version: - Albelli)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{10647DB1-F3AE-3440-5BDA-06EFE4A44108}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden
Bing Bar (HKLM-x32\...\{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}) (Version: 7.1.361.0 - Microsoft Corporation)
BlooockTheAds (HKLM-x32\...\{558295F0-DEC2-66EC-3830-04777EF7DA33}) (Version: - BllockTheeAds)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.01 - Broadcom Corporation)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0527.1242.20909 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0527.1242.20909 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help English (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help French (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help German (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0527.1241.20909 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0527.1242.20909 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.0527.1242.20909 - ATI) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Fingerprint Solution (x32 Version: 6.1.56.0 - Egis Technology Inc.) Hidden
Foun2Sauve (HKLM-x32\...\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}) (Version: - Fuun22Save)
Free DVD Video Burner version 3.1.3.1123 (HKLM-x32\...\Free DVD Video Burner_is1) (Version: - DVDVideoSoft Ltd.)
Free Video Dub version 2.0.21.827 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.21.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.17.1127 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.17.1127 - DVDVideoSoft Ltd.)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.06.00 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.34.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kies (HKLM-x32\...\InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}) (Version: 1.4 - Ihr Firmenname)
Kies (x32 Version: 1.4 - Ihr Firmenname) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.05 - Acer Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Default Manager (x32 Version: 2.2.114.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.630 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.630 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6636 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6636 - NewTech Infosystems) Hidden
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6004 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.3.450.0 - SAMSUNG Electronics Co., Ltd.)
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.4.0 - Synaptics Incorporated)
TOEFL Sample Questions (HKLM-x32\...\{A8E9FAEE-4AC2-4A38-99D9-55D1F26F8163}) (Version: 4.00.0000 - ETS)
Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.186.6 - Intel)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.6000 - Broadcom Corporation)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
22-04-2014 08:49:01 Windows Update
24-04-2014 07:59:11 Windows Update
29-04-2014 07:54:19 Windows Update
02-05-2014 14:33:56 Windows Update
03-05-2014 09:23:50 Windows Update
04-05-2014 12:05:57 OTL Restore Point - 04.05.2014 14:05:51
06-05-2014 17:34:13 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {2B3B421C-B112-4B1E-906B-9FCB68FFFBFE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12] (Google Inc.)
Task: {48D43300-AC0D-4F0F-AE30-E38922F81CAB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated)
Task: {6FD15B3E-0665-4A12-BB31-DF280020EE5B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-12] (Google Inc.)
Task: {8D1C98AD-9A73-43CB-BE7B-4D0213F438F4} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-05-26 12:24 - 2008-05-26 12:24 - 00103424 _____ () C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64.DLL
2010-12-07 23:17 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2013-10-15 00:10 - 2014-04-10 14:46 - 00602680 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2010-03-26 11:41 - 2010-03-26 11:41 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-05-27 13:40 - 2010-05-27 13:40 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-09-18 18:33 - 2007-08-09 15:48 - 00150016 _____ () C:\Users\Linda\Desktop\sweetdreams.exe
2012-11-15 12:23 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2013-02-19 00:57 - 2014-04-10 14:46 - 36966968 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libcef.dll
2014-05-05 22:41 - 2014-05-05 22:41 - 00041984 _____ () c:\users\linda\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyxvtz.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Linda\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-01 15:51 - 2014-04-01 15:51 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-26 13:42 - 2011-05-26 13:42 - 00067872 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-10-15 00:10 - 2014-04-10 14:46 - 00886840 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-10-15 00:10 - 2014-04-10 14:46 - 00108600 _____ () C:\Users\Linda\AppData\Roaming\Spotify\Data\libegl.dll
2011-05-26 13:41 - 2011-05-26 13:41 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-05-26 13:41 - 2011-05-26 13:41 - 00324896 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libtidy.dll
2014-04-29 18:19 - 2014-04-29 18:19 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2013-12-18 20:42 - 2013-12-18 20:42 - 00057344 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2011-10-19 20:29 - 2014-05-06 19:41 - 09490944 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2013-12-18 20:42 - 2013-12-18 20:42 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-07-27 22:51 - 2012-07-27 22:51 - 06549432 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\authplay.dll
2011-10-19 20:29 - 2014-05-06 19:41 - 03065856 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2011-10-19 21:04 - 2014-05-06 19:41 - 00075264 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Accessibility.DEU
2011-10-19 20:29 - 2014-05-06 19:41 - 01319424 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
2011-10-19 20:29 - 2014-05-06 19:41 - 00316416 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
2011-10-19 20:29 - 2014-05-06 19:41 - 01180160 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
2011-10-19 20:35 - 2014-05-06 19:41 - 00012800 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PDDom.DEU
2011-11-09 22:46 - 2014-05-06 19:41 - 00023040 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SendMail.DEU
2011-10-19 20:29 - 2014-05-06 19:41 - 00100352 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2011-10-24 18:23 - 2014-05-06 19:41 - 00025600 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SaveAsRTF.DEU
2011-10-19 20:30 - 2014-05-06 19:41 - 00014336 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2011-10-19 21:04 - 2014-05-06 19:48 - 00083968 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_MakeAccessible.DEU
2011-10-19 21:04 - 2014-05-06 19:48 - 00029696 _____ () C:\Users\Linda\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Spelling.DEU
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Linda\Downloads\Best%E4tigung 88008_ Zumba _ _14_10_2013-08_02_2014.eml:OECustomProperty
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/08/2014 09:24:05 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 09:24:05 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 11:04:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
System errors:
=============
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "DNS-Client" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:23:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (05/05/2014 08:20:11 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Microsoft Office Sessions:
=========================
Error: (05/08/2014 09:24:05 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 09:24:05 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/08/2014 00:03:43 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 11:04:08 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
Error: (05/06/2014 07:19:41 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
CodeIntegrity Errors:
===================================
Date: 2014-05-06 19:24:27.054
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-05 22:45:32.431
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-05 20:30:39.022
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 16:24:14.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 14:02:30.047
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 13:10:48.065
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 11:58:57.902
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 11:26:39.435
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 10:51:08.115
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-05-04 10:43:51.935
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 8054.78 MB
Available physical RAM: 4385.92 MB
Total Pagefile: 16107.73 MB
Available Pagefile: 11166.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:447.16 GB) (Free:313.02 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 30E48FFC)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Not Active) - (Size=4 GB) - (Type=12)
Partition 3: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=447 GB) - (Type=OF Extended)
==================== End Of Log ============================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2014 01
Ran by Linda (administrator) on LINDA-PC on 08-05-2014 09:26:03
Running from C:\Users\Linda\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Devguru Co., Ltd.) C:\Windows\System32\dgdersvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\BASVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Linda\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
(Apple Inc.) C:\iTunesHelper.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\iTunes.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtITunesPlugIn.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Linda\Desktop\sweetdreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{CD019C0F-A02E-4A9F-8373-3F843F2F1BA4}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files (x86)\GUM4654.tmp\GoogleUpdate.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9644576 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [496160 2010-02-26] (Acer Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-09-03] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-10-07] (Dritek System Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-05-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [VitaKeyPdtWzd] => C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe [3567616 2009-09-05] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2010-01-18] (Acer Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\iTunesHelper.exe [421736 2011-08-19] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-18] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Spotify] => C:\Users\Linda\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Spotify Web Helper] => C:\Users\Linda\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-10] (Spotify Ltd)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3365176 2010-06-07] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1505542761-1467039662-2604364683-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Lsa: [Notification Packages] C:\Program Files (x86)\Acer Bio Protection\PwdFilterV64
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Linda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/event/ieatgpc1.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ghostery - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\firefox@ghostery.com.xpi [2014-01-17]
FF Extension: Adblock Plus - C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\1sabunv2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ []
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Linda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkjjofjmfeojnoalmajliahdpdnecnic [2014-01-11]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 dgdersvc; C:\Windows\system32\dgdersvc.exe [119632 2010-05-25] (Devguru Co., Ltd.)
R2 dgdersvc; C:\Windows\SysWOW64\dgdersvc.exe [95568 2010-05-25] (Devguru Co., Ltd.)
R2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [783392 2010-02-26] (Acer Incorporated)
R2 IGBASVC; C:\Program Files (x86)\Acer Bio Protection\BASVC.exe [3450368 2009-09-05] (Egis Technology Inc.)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-15] (Avira Operations GmbH & Co. KG)
R3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20568 2010-05-25] (Devguru Co., Ltd)
R3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18136 2010-05-25] (Devguru Co., Ltd)
R0 johci; C:\Windows\System32\DRIVERS\johci.sys [20392 2009-09-21] (JMicron )
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [146928 2010-01-18] (CyberLink Corp.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 09:25 - 2014-05-08 09:25 - 06103040 _____ () C:\Program Files (x86)\GUT4655.tmp
2014-05-08 09:25 - 2014-05-08 09:25 - 00000000 ____D () C:\Program Files (x86)\GUM4654.tmp
2014-05-08 00:04 - 2014-05-08 00:04 - 00000000 ____D () C:\Users\Linda\AppData\Local\{35227CA1-E6CF-4D4B-B39F-DB448FBBDF2B}
2014-05-06 19:40 - 2014-05-06 19:40 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6F467DA5-1D26-43A4-9C87-DFAAE5E3A66F}
2014-05-05 20:32 - 2014-05-05 20:32 - 00002084 _____ () C:\Users\Linda\Downloads\FSS.txt
2014-05-05 20:30 - 2014-05-05 20:30 - 00408576 _____ (Farbar) C:\Users\Linda\Downloads\FSS.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 02063872 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 00000000 ____D () C:\Users\Linda\Desktop\FRST-OlderVersion
2014-05-05 20:24 - 2014-05-05 20:24 - 00000000 ____D () C:\_OTL
2014-05-05 19:57 - 2014-05-05 19:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\{2B2A15CB-EE30-494B-A10A-AE89A4805265}
2014-05-04 23:25 - 2014-05-04 23:25 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E240B393-6E98-4085-8EFE-B50B4AAA3636}
2014-05-04 14:31 - 2014-05-04 14:25 - 00042816 _____ () C:\Users\Linda\Documents\OTL.7z
2014-05-04 14:29 - 2014-05-04 14:29 - 00584176 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-05-04 14:24 - 2014-05-04 14:24 - 00584176 _____ () C:\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00584176 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00061638 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-05-04 13:59 - 2014-05-04 13:59 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Downloads\OTL.exe
2014-05-04 13:42 - 2014-05-04 13:42 - 00028229 _____ () C:\JRT.7z
2014-05-04 13:41 - 2014-05-04 13:41 - 00151423 _____ () C:\JRT.txt
2014-05-04 13:38 - 2014-05-04 13:38 - 01110476 _____ () C:\Users\Linda\Downloads\7z920.exe
2014-05-04 13:19 - 2014-05-04 13:19 - 00151423 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-05-04 13:12 - 2014-05-04 13:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 13:11 - 2014-05-04 13:11 - 01016261 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-05-04 13:07 - 2014-05-04 13:07 - 00002994 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-05-04 12:01 - 2014-05-04 13:06 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 12:01 - 2014-05-04 12:01 - 00001146 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-04 12:01 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-04 12:01 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-04 12:00 - 2014-05-04 12:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 11:55 - 2014-05-04 11:55 - 00009122 _____ () C:\Users\Linda\Desktop\AdwCleaner[S0].txt
2014-05-04 11:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-04 11:50 - 2014-05-04 11:51 - 00000000 ____D () C:\AdwCleaner
2014-05-04 11:49 - 2014-05-04 11:49 - 01310621 _____ () C:\Users\Linda\Desktop\adwcleaner.exe
2014-05-03 17:39 - 2014-05-05 20:32 - 00028971 _____ () C:\Users\Linda\Desktop\Addition.txt
2014-05-03 17:38 - 2014-05-08 09:26 - 00018547 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-05-03 17:37 - 2014-05-08 09:26 - 00000000 ____D () C:\FRST
2014-05-03 17:37 - 2014-05-03 17:37 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(8).exe
2014-05-03 17:36 - 2014-05-03 17:36 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(7).exe
2014-05-03 17:34 - 2014-05-03 17:35 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(6).exe
2014-05-03 17:33 - 2014-05-03 17:33 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(5).exe
2014-05-03 17:32 - 2014-05-03 17:32 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(4).exe
2014-05-03 17:31 - 2014-05-03 17:31 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(3).exe
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(2).exe
2014-05-03 17:29 - 2014-05-03 17:29 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-05-03 11:24 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 11:24 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-03 11:24 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-03 11:24 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-30 19:05 - 2014-04-30 19:05 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-24 10:00 - 2014-04-24 10:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-23 14:32 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-23 14:32 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-18 23:57 - 2014-04-18 23:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(4).exe
2014-04-18 23:52 - 2014-04-18 23:52 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(3).exe
2014-04-18 23:51 - 2014-04-18 23:51 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(2).exe
2014-04-18 23:50 - 2014-04-18 23:50 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(1).exe
2014-04-18 23:49 - 2014-04-18 23:49 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall.exe
2014-04-18 23:48 - 2014-04-18 23:48 - 00009626 _____ () C:\Users\Linda\Downloads\join.jnlp
2014-04-10 10:17 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-10 10:17 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-10 10:16 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-10 10:16 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-10 10:16 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-10 10:16 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-10 10:16 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-10 10:16 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-10 10:16 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-10 10:16 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-10 10:16 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-10 10:16 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-10 10:16 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-10 10:16 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-10 10:16 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-10 10:16 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-10 10:16 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-10 10:16 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-10 10:16 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-10 10:16 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-10 10:16 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-10 10:16 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-10 10:16 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-10 10:16 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-10 10:16 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-10 10:16 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-10 10:16 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-10 10:16 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-10 10:16 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-10 10:16 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-10 10:16 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-10 10:16 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-10 10:16 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-10 10:16 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-10 10:16 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-10 10:16 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-10 10:16 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-10 10:16 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-10 10:16 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-10 10:16 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-10 10:16 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-10 10:16 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-10 10:16 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-10 10:16 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-10 00:53 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 00:52 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 00:52 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 00:52 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 00:52 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 00:52 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 00:52 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 00:52 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 00:52 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 00:52 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 00:52 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 00:52 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 00:52 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 00:52 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
==================== One Month Modified Files and Folders =======
2014-05-08 09:26 - 2014-05-03 17:38 - 00018547 _____ () C:\Users\Linda\Desktop\FRST.txt
2014-05-08 09:26 - 2014-05-03 17:37 - 00000000 ____D () C:\FRST
2014-05-08 09:26 - 2011-11-12 18:25 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 09:26 - 2011-11-12 18:25 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 09:26 - 2011-11-12 18:25 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 09:26 - 2011-11-12 18:25 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 09:25 - 2014-05-08 09:25 - 06103040 _____ () C:\Program Files (x86)\GUT4655.tmp
2014-05-08 09:25 - 2014-05-08 09:25 - 00000000 ____D () C:\Program Files (x86)\GUM4654.tmp
2014-05-08 09:24 - 2011-09-14 22:01 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Skype
2014-05-08 09:24 - 2010-12-07 23:07 - 01214134 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 09:23 - 2013-03-01 13:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 09:23 - 2013-02-19 00:57 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Spotify
2014-05-08 00:07 - 2011-10-24 18:12 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4C9EBBDB-9CAA-4481-A9F6-FDD4DC54F3A6}
2014-05-08 00:06 - 2010-12-08 07:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-05-08 00:06 - 2010-12-08 07:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-05-08 00:06 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 00:04 - 2014-05-08 00:04 - 00000000 ____D () C:\Users\Linda\AppData\Local\{35227CA1-E6CF-4D4B-B39F-DB448FBBDF2B}
2014-05-08 00:03 - 2013-02-19 00:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\Spotify
2014-05-06 19:40 - 2014-05-06 19:40 - 00000000 ____D () C:\Users\Linda\AppData\Local\{6F467DA5-1D26-43A4-9C87-DFAAE5E3A66F}
2014-05-06 19:34 - 2012-01-12 00:29 - 00000000 ___RD () C:\Users\Linda\Dropbox
2014-05-06 19:34 - 2012-01-12 00:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Dropbox
2014-05-06 19:22 - 2009-07-14 06:51 - 00109221 _____ () C:\Windows\setupact.log
2014-05-05 22:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 22:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 22:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-05-05 22:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-05 20:32 - 2014-05-05 20:32 - 00002084 _____ () C:\Users\Linda\Downloads\FSS.txt
2014-05-05 20:32 - 2014-05-03 17:39 - 00028971 _____ () C:\Users\Linda\Desktop\Addition.txt
2014-05-05 20:30 - 2014-05-05 20:30 - 00408576 _____ (Farbar) C:\Users\Linda\Downloads\FSS.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 02063872 _____ (Farbar) C:\Users\Linda\Desktop\FRST64.exe
2014-05-05 20:29 - 2014-05-05 20:29 - 00000000 ____D () C:\Users\Linda\Desktop\FRST-OlderVersion
2014-05-05 20:24 - 2014-05-05 20:24 - 00000000 ____D () C:\_OTL
2014-05-05 19:57 - 2014-05-05 19:57 - 00000000 ____D () C:\Users\Linda\AppData\Local\{2B2A15CB-EE30-494B-A10A-AE89A4805265}
2014-05-04 23:25 - 2014-05-04 23:25 - 00000000 ____D () C:\Users\Linda\AppData\Local\{E240B393-6E98-4085-8EFE-B50B4AAA3636}
2014-05-04 16:15 - 2011-10-19 20:26 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-05-04 14:32 - 2011-09-09 14:08 - 00000000 ____D () C:\Users\Linda\AppData\Local\VirtualStore
2014-05-04 14:29 - 2014-05-04 14:29 - 00584176 _____ () C:\Users\Linda\Desktop\OTL.Txt
2014-05-04 14:25 - 2014-05-04 14:31 - 00042816 _____ () C:\Users\Linda\Documents\OTL.7z
2014-05-04 14:24 - 2014-05-04 14:24 - 00584176 _____ () C:\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00584176 _____ () C:\Users\Linda\Downloads\OTL.Txt
2014-05-04 14:19 - 2014-05-04 14:19 - 00061638 _____ () C:\Users\Linda\Downloads\Extras.Txt
2014-05-04 13:59 - 2014-05-04 13:59 - 00602112 _____ (OldTimer Tools) C:\Users\Linda\Downloads\OTL.exe
2014-05-04 13:57 - 2014-01-31 00:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-04 13:55 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-04 13:42 - 2014-05-04 13:42 - 00028229 _____ () C:\JRT.7z
2014-05-04 13:41 - 2014-05-04 13:41 - 00151423 _____ () C:\JRT.txt
2014-05-04 13:38 - 2014-05-04 13:38 - 01110476 _____ () C:\Users\Linda\Downloads\7z920.exe
2014-05-04 13:19 - 2014-05-04 13:19 - 00151423 _____ () C:\Users\Linda\Desktop\JRT.txt
2014-05-04 13:12 - 2014-05-04 13:12 - 00000000 ____D () C:\Windows\ERUNT
2014-05-04 13:11 - 2014-05-04 13:11 - 01016261 _____ (Thisisu) C:\Users\Linda\Downloads\JRT.exe
2014-05-04 13:07 - 2014-05-04 13:07 - 00002994 _____ () C:\Users\Linda\Desktop\mbam.txt
2014-05-04 13:06 - 2014-05-04 12:01 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-04 13:04 - 2010-12-07 23:04 - 00278430 _____ () C:\Windows\PFRO.log
2014-05-04 13:04 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Registration
2014-05-04 12:01 - 2014-05-04 12:01 - 00001146 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-04 12:01 - 2014-05-04 12:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-05-04 12:00 - 2014-05-04 12:00 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Linda\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-04 11:55 - 2014-05-04 11:55 - 00009122 _____ () C:\Users\Linda\Desktop\AdwCleaner[S0].txt
2014-05-04 11:51 - 2014-05-04 11:50 - 00000000 ____D () C:\AdwCleaner
2014-05-04 11:49 - 2014-05-04 11:49 - 01310621 _____ () C:\Users\Linda\Desktop\adwcleaner.exe
2014-05-03 17:37 - 2014-05-03 17:37 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(8).exe
2014-05-03 17:36 - 2014-05-03 17:36 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(7).exe
2014-05-03 17:35 - 2014-05-03 17:34 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(6).exe
2014-05-03 17:33 - 2014-05-03 17:33 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(5).exe
2014-05-03 17:32 - 2014-05-03 17:32 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(4).exe
2014-05-03 17:31 - 2014-05-03 17:31 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(3).exe
2014-05-03 17:30 - 2014-05-03 17:30 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64(2).exe
2014-05-03 17:29 - 2014-05-03 17:29 - 02062336 _____ (Farbar) C:\Users\Linda\Downloads\FRST64.exe
2014-05-03 14:28 - 2012-04-26 12:55 - 00000000 ____D () C:\Users\Linda\Documents\Promotionjobs
2014-04-30 19:06 - 2012-02-05 01:01 - 00001776 _____ () C:\Windows\wininit.ini
2014-04-30 19:06 - 2011-09-09 14:08 - 00000000 ___RD () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-30 19:05 - 2014-04-30 19:05 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\Users\Linda\AppData\Local\Skype
2014-04-30 19:05 - 2014-04-30 19:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-30 19:05 - 2012-01-12 00:29 - 00001021 _____ () C:\Users\Linda\Desktop\Dropbox.lnk
2014-04-30 19:05 - 2012-01-12 00:27 - 00000000 ____D () C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-30 19:05 - 2011-09-14 22:01 - 00000000 ____D () C:\ProgramData\Skype
2014-04-29 18:19 - 2013-03-01 13:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-29 18:19 - 2012-09-07 13:02 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 18:19 - 2011-11-12 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 16:01 - 2014-05-03 11:24 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-03 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-03 11:24 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-03 11:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-24 10:00 - 2014-04-24 10:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-04-18 23:57 - 2014-04-18 23:57 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(4).exe
2014-04-18 23:52 - 2014-04-18 23:52 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(3).exe
2014-04-18 23:51 - 2014-04-18 23:51 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(2).exe
2014-04-18 23:50 - 2014-04-18 23:50 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall(1).exe
2014-04-18 23:49 - 2014-04-18 23:49 - 00921512 _____ (Oracle Corporation) C:\Users\Linda\Downloads\jxpiinstall.exe
2014-04-18 23:48 - 2014-04-18 23:48 - 00009626 _____ () C:\Users\Linda\Downloads\join.jnlp
2014-04-14 04:24 - 2014-04-23 14:32 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-04-23 14:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-13 12:51 - 2012-10-11 12:48 - 00000000 ____D () C:\Users\Linda\Documents\UniStuff
2014-04-10 15:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 14:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
Files to move or delete:
====================
C:\Users\Linda\Office2003SP3-KB923618-FullFile-DEU.exe
Some content of TEMP:
====================
C:\Users\Linda\AppData\Local\Temp\2E910DC6-9049-4DBD-BD84-0D779634137D.exe
C:\Users\Linda\AppData\Local\Temp\74565FA9-21B2-4C87-99FA-1CE6E6C81A7A.exe
C:\Users\Linda\AppData\Local\Temp\AskSLib.dll
C:\Users\Linda\AppData\Local\Temp\avgnt.exe
C:\Users\Linda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbyxvtz.dll
C:\Users\Linda\AppData\Local\Temp\FastDownload.exe
C:\Users\Linda\AppData\Local\Temp\install_flashplayer11x64ax_gtbd_aih.exe
C:\Users\Linda\AppData\Local\Temp\Quarantine.exe
C:\Users\Linda\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Linda\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Linda\AppData\Local\Temp\Tsu27022B9B.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-29 09:52
==================== End Of Log ============================
--- --- --- |
|
08.05.2014, 09:26
| #22 |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Gibt es noch Probleme mit unterschrichenen Wörtern? Wenn ja, in welchem Browser? Wir kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
08.05.2014, 09:41
| #23 |
| | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Ich verwende Firefox und es sieht alles super aus Alle unterstrichene Wörter sind weg und die ganzen Werbeanzeigen auch! ich bin dir absolut dankbar! Lasse dann jetzt die letzten Scans laufen und poste sie dann (wahrscheinlich erst heut abend) |
|
08.05.2014, 13:27
| #24 |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Alles klar, dann bis später. |
|
08.05.2014, 17:48
| #25 |
| | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite aufCode:
ATTFilter SystemLook 30.07.11 by jpshortstuff
Log created at 10:42 on 08/05/2014 by Linda
Administrator - Elevation successful
========== folderfind ==========
Searching for "Foun2Sauve"
C:\ProgramData\Foun2Sauve d------ [14:15 06/03/2014]
C:\Users\All Users\Foun2Sauve d------ [14:15 06/03/2014]
Searching for "Fuun22Save"
No folders found.
========== regfind ==========
Searching for "Foun2Sauve"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fuun22Save.Fuun22Save]
@="Foun2Sauve"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fuun22Save.Fuun22Save.4.5]
@="Foun2Sauve"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
"ProductName"="Foun2Sauve"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
"DisplayName"="Foun2Sauve"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
"UninstallString"=""C:\ProgramData\Foun2Sauve\s.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
"SilentUninstall"=""C:\ProgramData\Foun2Sauve\s.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
Searching for "Fuun22Save"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fuun22Save.Fuun22Save]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fuun22Save.Fuun22Save\CurVer]
@="Fuun22Save.4.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Fuun22Save.Fuun22Save.4.5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D9BEFAE-9499-F52B-6CC4-94818CCC2AB5}]
"Publisher"="Fuun22Save"
Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0000]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0000\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0001]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0001\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_1002&DEV_68C1&SUBSYS_03111025&REV_00\4&132d5c7d&0&0008]
"DeviceDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&BD52B16&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09082752BEC0E9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A27002055C61B&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap\Device0]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap\Device1]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap\Device2]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdkmdap\Device3]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\PCI\VEN_1002&DEV_68C1&SUBSYS_03111025&REV_00\4&132d5c7d&0&0008]
"DeviceDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&BD52B16&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09082752BEC0E9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A27002055C61B&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\amdkmdap\Device0]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\amdkmdap\Device1]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\amdkmdap\Device2]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\amdkmdap\Device3]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0000]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0000\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0001]
"DriverDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DF589C6A-C8FE-4B4C-8094-8472B87C989D}\0001\Settings]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_1002&DEV_68C1&SUBSYS_03111025&REV_00\4&132d5c7d&0&0008]
"DeviceDesc"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_SCSI#DISK&VEN_JMCR&PROD_SD#MMC&REV_#5&BD52B16&0&000000#]
"DeviceDesc"="SD/MMC "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_&REV_0.00#09082752BEC0E9&0#]
"DeviceDesc"=" "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_1.70#000A27002055C61B&0#]
"DeviceDesc"="iPod "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdkmdap\Device0]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdkmdap\Device1]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdkmdap\Device2]
"Device Description"="ATI Mobility Radeon HD 5650 "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdkmdap\Device3]
"Device Description"="ATI Mobility Radeon HD 5650 "
-= EOF =-
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=49b677f39f10744d93b9a1752e178bba
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-08 09:12:00
# local_time=2014-05-08 11:12:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 264960010 0 0
# compatibility_mode=5893 16776573 100 94 130203 151170170 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=1285
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=49b677f39f10744d93b9a1752e178bba
# engine=0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-08 01:12:53
# local_time=2014-05-08 03:12:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 264974463 13688 0
# compatibility_mode=5893 16776573 100 94 144656 151184623 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=14369
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=49b677f39f10744d93b9a1752e178bba
# engine=18183
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-08 04:36:31
# local_time=2014-05-08 06:36:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 264986681 25906 0
# compatibility_mode=5893 16776573 100 94 156874 151196841 0 0
# scanned=266347
# found=0
# cleaned=0
# scan_time=12010
Code:
ATTFilter Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.206
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
08.05.2014, 18:46
| #26 |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Schritt 1 Die Reihenfolge ist hier entscheidend.
Schritt 2 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
08.05.2014, 19:15
| #27 |
| | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf Es sieht alles gut aus Vielen vielen Dank, ich bin echt froh wieder "sauber zu sein".habe die letzten Schritte alle ausgeführt und hat auch alles geklappt. In dem Fall sind wir fertig, kannst du dann auch den ganzen Thread löschen? Nochmals vielen Dank für deine Zeit und Mühe liebe grüße |
|
09.05.2014, 11:14
| #28 | |
| /// TB-Ausbilder | doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite aufZitat:
Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu doppelt unterstrichene grüne Wörter tauchen wahlos auf jeder Seite auf |
| blau unterstrichen, blockieren, einfach, interpretieren, pup.optional.installiq, pup.optional.multiplug.a, pup.optional.youtubeadblocker.a, tauchen, versuch, versucht, werbeseite, werbeseiten |
Textbox.
Linear-Darstellung
